I have Followed steps using Avast, Kaspersky, Malwarebytes and superantispyware. If we can’t get this cleaned off in this thread Im just going to wipe the machine as I will be out of options. Avast and Kaspersky both detect the win32 downloader and say they have cleaned and just require a reboot. Avast does a boot time scan at that time and when the computer rstarts the virus is detected all over again.
I have run a full scan and a quick scan with the setting you recommend with MBAM, here is my log which does not see the same malware Avast and Kasper see…
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
.tmp files in c:windows\temp\randomized generated folder names. I dont believe these files are the originators of the virus though… they keep being regenerated.
Did you install this programme MyStart Anti-phishing Domain Advisor
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here is the log file of the quick scan, and after the reboot, that button is still gone, its the button i use to get to my restart and shutdown commands as well as my programs list… it was 8.1s solution to pokki sucking as a new start button… any idea how to get it back? it looks like a house.